Allow user to remove terms and conditions file

app/assets/javascripts/admin/enterprises/controllers/enterprise_controller.js.coffee

@@ -82,6 +82,13 @@ angular.module("admin.enterprises")
         .then $scope.removeImageSuccessCallback("removed_promo_image_successfully"),
               $scope.removeImageSuccessCallback()
 
+    $scope.removeTermsAndConditions = ->
+      return unless confirm($scope.translation("immediate_terms_and_conditions_removal_warning"))
+
+      Enterprises.removeTermsAndConditions($scope.Enterprise)
+        .then $scope.removeImageSuccessCallback("removed_terms_and_conditions_successfully"),
+              $scope.removeImageSuccessCallback()
+
     $scope.removeImageSuccessCallback = (success_message_key) ->
       (data) ->
         $scope.Enterprise = angular.copy(data)

app/assets/javascripts/admin/resources/resources/enterprise_resource.js.coffee

@@ -14,4 +14,7 @@ angular.module("admin.resources").factory 'EnterpriseResource', ($resource) ->
     'removePromoImage':
       url: '/api/enterprises/:id/promo_image.json'
       method: 'DELETE'
+    'removeTermsAndConditions':
+      url: '/api/enterprises/:id/terms_and_conditions.json'
+      method: 'DELETE'
   })

app/assets/javascripts/admin/resources/services/enterprises.js.coffee

@@ -52,3 +52,4 @@ angular.module("admin.resources").factory 'Enterprises', ($q, EnterpriseResource
 
     removeLogo: performActionOnEnterpriseResource(EnterpriseResource.removeLogo)
     removePromoImage: performActionOnEnterpriseResource(EnterpriseResource.removePromoImage)
+    removeTermsAndConditions: performActionOnEnterpriseResource(EnterpriseResource.removeTermsAndConditions)

app/controllers/api/terms_and_conditions_controller.rb

@@ -0,0 +1,16 @@
+module Api
+  class TermsAndConditionsController < Api::EnterpriseAttachmentController
+    private
+
+    def attachment_name
+      :terms_and_conditions
+    end
+
+    def enterprise_authorize_action
+      case action_name.to_sym
+      when :destroy
+        :remove_terms_and_conditions
+      end
+    end
+  end
+end

app/models/spree/ability_decorator.rb

@@ -97,7 +97,7 @@ class AbilityDecorator
     end
 
     can [:admin, :index, :create], Enterprise
-    can [:read, :edit, :update, :remove_logo, :remove_promo_image, :bulk_update, :resend_confirmation], Enterprise do |enterprise|
+    can [:read, :edit, :update, :remove_logo, :remove_promo_image, :remove_terms_and_conditions, :bulk_update, :resend_confirmation], Enterprise do |enterprise|
       OpenFoodNetwork::Permissions.new(user).editable_enterprises.include? enterprise
     end
     can [:welcome, :register], Enterprise do |enterprise|

app/serializers/api/admin/enterprise_serializer.rb

@@ -20,6 +20,12 @@ class Api::Admin::EnterpriseSerializer < ActiveModel::Serializer
     attachment_urls(object.promo_image, [:thumb, :medium, :large])
   end
 
+  def terms_and_conditions
+    return unless @object.terms_and_conditions.file?
+
+    @object.terms_and_conditions.url
+  end
+
   def tag_groups
     object.tag_rules.prioritised.reject(&:is_default).each_with_object([]) do |tag_rule, tag_groups|
       tag_group = find_match(tag_groups, tag_rule.preferred_customer_tags.

config/locales/en.yml

@@ -1207,6 +1207,8 @@ en:
       destroy_attachment_does_not_exist: "Logo does not exist"
     enterprise_promo_image:
       destroy_attachment_does_not_exist: "Promo image does not exist"
+    enterprise_terms_and_conditions:
+      destroy_attachment_does_not_exist: "Terms and Conditions file does not exist"
     orders:
       failed_to_update: "Failed to update order"
 
@@ -2705,6 +2707,8 @@ See the %{link} to find out more about %{sitename}'s features and to start using
             immediate_logo_removal_warning: "The logo will be removed immediately after you confirm."
             removed_promo_image_successfully: "Promo image removed successfully"
             immediate_promo_image_removal_warning: "The promo image will be removed immediately after you confirm."
+            immediate_terms_and_conditions_removal_warning: "The Terms and Conditions file will be removed immediately after you confirm."
+            removed_terms_and_conditions_successfully: "Terms and Conditions file removed successfully"
     insufficient_stock: "Insufficient stock available, only %{on_hand} remaining"
     out_of_stock:
       reduced_stock_available: Reduced stock available

config/routes/api.rb

@@ -33,6 +33,7 @@ Openfoodnetwork::Application.routes.draw do
 
       resource :logo, only: [:destroy]
       resource :promo_image, only: [:destroy]
+      resource :terms_and_conditions, only: [:destroy]
     end
 
     resources :shops, only: [:show] do

spec/controllers/api/terms_and_conditions_controller_spec.rb

@@ -0,0 +1,50 @@
+require "spec_helper"
+
+module Api
+  describe TermsAndConditionsController, type: :controller do
+    include AuthenticationHelper
+
+    let(:enterprise_owner) { create(:user) }
+    let(:enterprise) { create(:enterprise, owner: enterprise_owner ) }
+    let(:enterprise_manager) { create(:user, enterprises: [enterprise]) }
+
+    describe "removing terms and conditions file" do
+      fake_terms_file_path = File.open(Rails.root.join("app", "assets", "images", "logo-black.png"))
+      let(:terms_and_conditions_file) { Rack::Test::UploadedFile.new(fake_terms_file_path, "application/pdf") }
+      let(:enterprise) { create(:enterprise, owner: enterprise_owner) }
+
+      before do
+        allow(controller).to receive(:spree_current_user) { current_user }
+        enterprise.update terms_and_conditions: terms_and_conditions_file
+      end
+
+      context "as manager" do
+        let(:current_user) { enterprise_manager }
+
+        it "removes terms and conditions file" do
+          spree_delete :destroy, enterprise_id: enterprise
+
+          expect(response).to be_success
+          expect(json_response["id"]).to eq enterprise.id
+          enterprise.reload
+          expect(enterprise.terms_and_conditions?).to be false
+        end
+
+        context "when terms and conditions file does not exist" do
+          let(:enterprise) { create(:enterprise, owner: enterprise_owner) }
+
+          before do
+            enterprise.update terms_and_conditions: nil
+          end
+
+          it "responds with error" do
+            spree_delete :destroy, enterprise_id: enterprise
+
+            expect(response.status).to eq(409)
+            expect(json_response["error"]).to eq I18n.t("api.enterprise_terms_and_conditions.destroy_attachment_does_not_exist")
+          end
+        end
+      end
+    end
+  end
+end

spec/models/spree/ability_spec.rb

@@ -300,11 +300,11 @@ module Spree
           let!(:er_pd) { create(:enterprise_relationship, parent: d_related, child: d1, permissions_list: [:edit_profile]) }
 
           it "should be able to edit enterprises it manages" do
-            is_expected.to have_ability([:read, :edit, :update, :remove_logo, :remove_promo_image, :bulk_update, :resend_confirmation], for: d1)
+            is_expected.to have_ability([:read, :edit, :update, :remove_logo, :remove_promo_image, :remove_terms_and_conditions, :bulk_update, :resend_confirmation], for: d1)
           end
 
           it "should be able to edit enterprises it has permission to" do
-            is_expected.to have_ability([:read, :edit, :update, :remove_logo, :remove_promo_image, :bulk_update, :resend_confirmation], for: d_related)
+            is_expected.to have_ability([:read, :edit, :update, :remove_logo, :remove_promo_image, :remove_terms_and_conditions, :bulk_update, :resend_confirmation], for: d_related)
           end
 
           it "should be able to manage shipping methods, payment methods and enterprise fees for enterprises it manages" do